A Road Map to Greater Compliance for Global Online Retailer

NIST Compliance

A global online retailer and distributor engaged Myna Partners to benchmark its current privacy program against regulatory requirements in the US, EU, UK, and Canada. This benchmarking process utilized both the NIST Privacy Framework and Myna’s view of industry peer best practices.

The goal was to assess the current maturity levels of the program and identify opportunities to enhance compliance. The client also required a roadmap and action plan to align resources and budget and to prioritize the identified gaps.

Our Approach

Myna Partners worked closely with the client to understand their business, privacy processes, security procedures, and data processing practices. The discovery phase involved a series of workshops and a review of client-provided documents.

Using the NIST Privacy Framework, Myna analyzed the collected information to determine the current maturity level (i.e., “Implementation Tier”) of the client’s privacy program across the Framework’s 96 controls (i.e., “Sub-Categories”). Target maturity levels were assigned based on Myna’s knowledge of industry peer best practices.

Gaps were identified by comparing the current program’s maturity level against the target levels. Each gap was assigned a priority rating (i.e., “Assessment Risk Rating”) based on Myna’s understanding of the client’s risk profile.

The assessment results were used to create a roadmap to address the recommendations. Each recommendation was assigned an estimated level of effort, duration, and stakeholder, and some were marked as a “quick win” where applicable.

Finally, Myna compiled the findings and the roadmap content into an executive summary, which was presented to the client sponsor, their team, executives, and additional senior stakeholders.

Program Outcomes

  • NIST Privacy Framework Assessment, including a dashboard of metrics on the assessment results and alignment with industry peer maturity levels.
  • NIST Privacy Framework Roadmap and Action Plan.
  • NIST Benchmarking Report and Executive Summary Presentation.